def check_init(
s: Solver,
safety_only: bool = False,
minimize: Optional[bool] = None,
verbose: bool = True
) -> Optional[Tuple[syntax.InvariantDecl, Trace]]:
if verbose:
utils.logger.always_print('checking init:')
prog = syntax.the_program
t = s.get_translator(1)
with s.new_frame():
for init in prog.inits():
s.add(t.translate_expr(init.expr))
for inv in (prog.invs() if not safety_only else prog.safeties()):
with s.new_frame():
s.add(t.translate_expr(Not(inv.expr)))
if inv.name is not None:
msg = ' ' + inv.name
elif inv.span is not None:
msg = ' on line %d' % inv.span[0].lineno
else:
msg = ''
if verbose:
utils.logger.always_print(' implies invariant%s... ' % msg, end='')
sys.stdout.flush()
res = check_unsat([(inv.span, 'invariant%s does not hold in initial state' % msg)],
s, 1, minimize=minimize, verbose=verbose)
if res is not None:
if utils.args.smoke_test_solver:
state = State(res, 0)
for ax in prog.axioms():
if state.eval(ax.expr) is not True:
print('\n\n'.join(str(x) for x in s.debug_recent()))
print(res)
assert False, f'bad initial counterexample for axiom {ax.expr}'
for init in prog.inits():
if state.eval(init.expr) is not True:
print('\n\n'.join(str(x) for x in s.debug_recent()))
print(res)
assert False, f'bad initial counterexample for initial condition {init.expr}'
if state.eval(inv.expr) is not False:
print('\n\n'.join(str(x) for x in s.debug_recent()))
print(res)
assert False, f'bad initial counterexample for invariant {inv.expr}'
return inv, res
return None
def check_implication(
s: Solver,
hyps: Iterable[Expr],
concs: Iterable[Expr],
minimize: Optional[bool] = None) -> Optional[z3.ModelRef]:
t = s.get_translator(1)
with s.new_frame():
for e in hyps:
s.add(t.translate_expr(e))
for e in concs:
with s.new_frame():
s.add(t.translate_expr(Not(e)))
if s.check() != solver.unsat:
return s.model(minimize=minimize)
return None
def check_theorem(th: syntax.TheoremDecl,
s: Solver,
errmsgs: List[Tuple[Optional[syntax.Span], str]] = [],
verbose: bool = True) -> Optional[Trace]:
if th.num_states == 2:
num_states = 2
elif th.num_states == 1:
num_states = 1
else:
num_states = 0
t = s.get_translator(num_states)
with s.new_frame():
s.add(t.translate_expr(Not(th.expr)))
return check_unsat(errmsgs, s, num_states, verbose=verbose)
def check_bmc(s: Solver, safety: Expr, depth: int, preconds: Optional[Iterable[Expr]] = None,
minimize: Optional[bool] = None) -> Optional[Trace]:
prog = syntax.the_program
if preconds is None:
preconds = (init.expr for init in prog.inits())
t = s.get_translator(depth + 1)
with s.new_frame():
for precond in preconds:
s.add(t.translate_expr(precond))
s.add(t.translate_expr(syntax.New(syntax.Not(safety), depth)))
for i in range(depth):
s.add(t.translate_expr(New(safety, i)))
assert_any_transition(s, t, i, allow_stutter=False)
res = s.check()
if res == solver.sat:
z3m = s.model(minimize=minimize)
m = Z3Translator.model_to_trace(z3m, depth + 1)
return m
elif res == solver.unknown:
print('unknown!')
return None
def assert_any_transition(s: Solver,
t: Z3Translator,
state_index: int,
allow_stutter: bool = False) -> None:
prog = syntax.the_program
uid = str(state_index)
tids = []
for transition in prog.transitions():
tid = z3.Bool(get_transition_indicator(uid, transition.name))
tids.append(tid)
s.add(
z3.Implies(
tid,
t.translate_expr(
New(transition.as_twostate_formula(prog.scope),
state_index))))
if allow_stutter:
tid = z3.Bool(get_transition_indicator(uid, '$stutter'))
tids.append(tid)
frame = syntax.And(*DefinitionDecl._frame(prog.scope, mods=()))
s.add(z3.Implies(tid, t.translate_expr(New(frame, state_index))))
s.add(z3.Or(*tids))
def check_two_state_implication_all_transitions(
s: Solver,
old_hyps: Iterable[Expr],
new_conc: Expr,
minimize: Optional[bool] = None,
) -> Optional[Tuple[z3.ModelRef, DefinitionDecl]]:
t = s.get_translator(2)
prog = syntax.the_program
with s.new_frame():
for h in old_hyps:
s.add(t.translate_expr(h))
s.add(t.translate_expr(New(Not(new_conc))))
for trans in prog.transitions():
with s.new_frame():
s.add(t.translate_expr(trans.as_twostate_formula(prog.scope)))
res = s.check()
assert res in (solver.sat, solver.unsat), res
if res != solver.unsat:
return s.model(minimize=minimize), trans
return None
def check_transitions(
s: Solver,
minimize: Optional[bool] = None,
verbose: bool = True
) -> Optional[Tuple[syntax.InvariantDecl, Trace, DefinitionDecl]]:
lator = s.get_translator(2)
prog = syntax.the_program
with s.new_frame():
for inv in prog.invs():
s.add(lator.translate_expr(inv.expr))
for ition in prog.transitions():
if 'check_transition' in utils.args and \
utils.args.check_transition is not None and \
ition.name not in utils.args.check_transition:
continue
if verbose:
utils.logger.always_print('checking transition %s:' % (ition.name,))
with s.new_frame():
s.add(lator.translate_expr(ition.as_twostate_formula(prog.scope)))
for inv in prog.invs():
if 'check_invariant' in utils.args and \
utils.args.check_invariant is not None and \
inv.name not in utils.args.check_invariant:
continue
with s.new_frame():
s.add(lator.translate_expr(New(Not(inv.expr))))
if inv.name is not None:
msg = ' ' + inv.name
elif inv.span is not None:
msg = ' on line %d' % inv.span[0].lineno
else:
msg = ''
if verbose:
utils.logger.always_print(' preserves invariant%s... ' % msg, end='')
sys.stdout.flush()
res = check_unsat([(inv.span, 'invariant%s is not preserved by transition %s'
% (msg, ition.name)),
(ition.span, 'this transition does not preserve invariant%s'
% (msg,))],
s, 2, minimize=minimize, verbose=verbose)
if res is not None:
if utils.args.smoke_test_solver:
pre_state = res.as_state(i=0)
for ax in prog.axioms():
if pre_state.eval(ax.expr) is not True:
print('\n\n'.join(str(x) for x in s.debug_recent()))
print(res)
assert False, f'bad transition counterexample for axiom {ax.expr} in pre state'
for pre_inv in prog.invs():
if pre_state.eval(pre_inv.expr) is not True:
print('\n\n'.join(str(x) for x in s.debug_recent()))
print(res)
msg = f'bad transition counterexample for invariant {pre_inv.expr} in pre state'
assert False, msg
# need to implement mypyvy-level transition->expression translation
# res.eval_double_vocabulary(transition, start_location=0)
post_state = res.as_state(i=1)
if post_state.eval(inv.expr) is not False:
print('\n\n'.join(str(x) for x in s.debug_recent()))
print(res)
msg = f'bad transition counterexample for invariant {inv.expr} in post state'
assert False, msg
return inv, res, ition
return None
from solver import Solver print(Solver.add(3, 5))
def test_add(self):
res = Solver.add(1, 2)
self.assertEqual(res, 3)
res = Solver.add(4, 5)
self.assertEqual(res, 9)